At the time of this announcement, Splunk is not aware of any cases where this vulnerability has been exploited. Splunk recommends that customers upgrade any instances of Splunk to the latest maintenance release as soon as possible.

Splunk also recommends that you apply as many components of the Splunk Hardening Standards as possible to mitigate the risk and impact of exploitation.

Products and Components Affected

Security vulnerabilities addressed by this maintenance release affect the following versions of Splunk running Splunk Web:

Upgrades

Splunk releases are cumulative, meaning that releases posted subsequent to those we are posting today will contain these fixes to these vulnerabilities as well as new features and fixes to other bugs and flaws.

Credit

For SPL-44614 (CVE-2011-4778), Splunk would like to credit Emmanuel Bouillon of the NATO C3 Agency with the responsible disclosure of this issue.

SPL numbers are to be used in communication with Splunk to address specific vulnerabilities. If there is no CVE listed with the vulnerability, the CVE will be added as it is posted.

Reflected XSS in SplunkWeb (SPL-44614) (CVE-2011-4778)

Description: A reflected cross-site scripting vulnerability was identified in Splunk Web. An attacker could trick a user into clicking a specially crafted link that would disclose a valid Splunk session key to the attacker.

Versions Affected: Splunk 4.2 - 4.2.4

Credit: Splunk would like to credit Emmanuel Bouillon of the NATO C3 Agency with the responsible disclosure of this issue.

Remote Code Execution in Splunk Web (SPL-45172) (CVE-2011-4642)

Description: A remote code execution vulnerability was identified in Splunk Web. An attacker could trick a Splunk admin in to visiting a malicious web page or clicking on a specially crafted link which would result in arbitrary code execution on the Splunk server. By default, non-admin Splunk users are not susceptible to this vulnerability.

Versions Affected: Splunk 4.2 - 4.2.4

Credit: Splunk would like to credit Gary Oleary-Steele with the responsible disclosure of this issue.

Directory Traversal in Splunk (SPL-45243) (CVE-2011-4643)

Description: A directory traversal vulnerability was identified in Splunk Web and the Splunkd HTTP Server. A normal Splunk user could exploit this information to read sensitive information from the Splunk server.

Versions Affected: Splunk 4.0 - 4.2.4

Credit: Splunk would like to credit Gary Oleary-Steele with the responsible disclosure of this issue.